Digital Hezbollah and Political Warfare in Cyberspace
Over the past decade, Hezbollah has developed into one of the main cyber-protagonists of today’s global arena.
THE THIRTY-three-day Second Lebanon War also marked the beginning of Iran and Hezbollah’s intense collaboration in cyberspace and, in particular, the latter’s discovery of the strategic advantages offered by cyber-influence—an aspect that went largely unnoticed at the time. During this conflict, the Shia militia started launching relatively advanced cyber-attacks against Israeli and U.S. websites. However, what immediately distinguished these cyber-sabotage acts is that they were systematically exploited as public relations operations aimed at promoting the cause, image, and ideological doctrine of the Lebanese militia. As Ben Schaefer notes, in addition to compromising legitimate websites, these attacks “focused on spreading Hezbollah’s propaganda.” The Party of God largely contributed to setting a new hybrid trend since the Iranian Cyber-Army only got into the habit of advertising its actions for the purpose of psychological and political gains in the early 2010s.
However, it was not until 2011 that Hezbollah began to really develop a cyber-army comparable to that of its Iranian patron. In 2010, Stuxnet, which allowed the United States to temporarily neutralize the Iranian nuclear program, acted as an accelerator pushing the IRGC to invest massively in the training and recruitment of cyber-experts. A report by the British Technology firm Small Media indicates that, between 2013 and 2015, the Islamic regime increased its spending on cybersecurity by 1,200 percent. The new priority given by Iran to the expansion of cybernetic weapons and the notable surge in investments in this area directly translated into a synchronous development of Hezbollah’s electronic action units which, almost simultaneously, increased its research and development efforts “for its own cyber abilities.” For example, it is in 2015 that the Israeli-based cyber-threat intelligence firm Check Point Software Technologies located the birth of the so-called Hezbollah Cyber-Army (HCA) and the launch of its Volatile Cedar campaign designed to compromise hundreds of Israeli or Western public-facing servers—a campaign whose degree of sophistication leaves little doubt regarding the close ties uniting the HCA and IRGC’s Cyber-Army.
In the second half of the 2010s, Hezbollah leaders realized that while pursuing “classic” cyber-espionage and cyber-sabotage activities, the militia can also leverage social media to develop and pursue cyber-influence operations. The blossoming of companies such as Facebook, YouTube, Telegram, WhatsApp, Signal, and Twitter provided the HCA with the ability to gather, sort, process, transfer, and display information to an audience of unprecedented scale in order to brand itself as one of the leaders of the so-called anti-Israeli, anti-Saudi, and anti-Western “Resistance Front.” Since major social networks did not allow it to have an official presence, Hezbollah quickly got into the habit of using proxy accounts like Al-Manar’s Twitter feed which, at the end of the decade, was already followed by half a million people. The militia’s use of these networks is characteristically similar to that of the Iranian Big Brother: while the latter’s cyber-message, Schaefer assessed, is riddled with references to the theological doctrine of Supreme Leader Ayatollah Ali Khamenei, “the YouTube channel posts videos of speeches by Hassan Nasrullah, the Secretary-General of Hezbollah, while the other platforms allow Hezbollah to carry out diplomacy and intimidation through live broadcasts and online posts.” Quickly, HCA’s methodology diversifies by habitually disseminating its message through a myriad of foreign cells that, although dormant from an operational point of view, are particularly active and vocal in cyberspace. The days of leaflets, posters, and good old radio propaganda seem over.
IMPORTED FROM Iran and fine-tuned over two decades, Hezbollah’s cyber-influence potential has reached a level of maturation that makes it a cyberspace heavyweight. To a large extent, the IRGC’s Cyber-Army continues to provide the HCA with massive material and financial support, some of which has come in the form of technical expertise, which prompted Maj. Gen. (ret.) Yaakov Amidror, a former Israeli national security adviser, to characterize Hezbollah as Iran’s cyber “sub-contractor.” This function was illustrated when, in October 2022, all HCA-affiliated social networks echoed Nasrallah’s words describing Mahsa Amini’s death as a “vague incident” and downplaying the extent of popular protest in Iran. This, however, does not prevent experts from agreeing that HCA has become “self-sufficient” enough to operate autonomously in cyberspace. Its self-sufficiency is particularly illustrated in the information warfare field where the Shia militia now imposes itself as a leading agent of radicalization thanks to its growing capacities for disinformation, manipulation, and cyber-recruitment. In addition to its television and radio stations, Hezbollah runs more than twenty websites in seven languages (Arabic, Azeri, English, French, Hebrew, Persian, and Spanish) as well as a quite complex social media network consisting of a multitude of proxy units through which it can punch well above its weight and disseminate anti-Israeli and anti-Western propaganda regionally and internationally.
In addition to projecting Hezbollah’s soft power towards neutral public opinions, HCA’s media armada has proved to be a formidable mobilization and recruitment apparatus. Formerly subject to rather lengthy and thorough screening by the Jihad Assembly, recruitment has spread beyond the boundaries of Lebanon and is now done via proxy units operating through social media and encrypted platforms such as WhatsApp and Telegram. This is how the Shia militia enlists fighters as well as cyber-warriors from Arab, European, and North American countries eager to join the virtual jihad against Israel, the United States, and their allies.
HCA’s recruitment efforts are doubled by particular care given to the instruction of future propagandists: to this end, HCA runs conferences and boot camps in Lebanon during which foreign trainees are educated in the fundamental tenets of disinformation and cyber-influence. The Telegraph reported in August 2020 that: “…Hizbollah has been flying individuals into Lebanon for courses teaching participants how to digitally manipulate photographs, manage large numbers of fake social media accounts, make videos, avoid Facebook’s censorship, and effectively spread disinformation online.” Beyond the training of individual cyber-warriors, the objective is to build up “troll farms” and “electronic armies” likely to join the ranks of the digital coalition fighting alongside Hezbollah and Iran. Once trained, activists are then sent onto other neighboring countries to transmit their skills to local cyber-armies. Among the main beneficiaries of this know-how transfer are the Houthis in Yemen and Kata’ib Hezbollah in Iraq, which now runs its own “online façade” group. Composed, according to U.S. intelligence, by 400 operatives, Kata’ib Hezbollah’s digital propaganda unit is now fully operational and actively “flooding Facebook with fake accounts and promoting fake news.”
Not content with propagating cyber-armies across the Middle East, HCA is increasingly collaborating with the IRGC’s Cyber-Army on an international scale and, in particular, with an aim to discrediting and destabilizing adversaries such as the United States and European countries. Resorting to disinformation by proxy and “influence laundering” techniques, the two Shia allies are jointly conducting cyber-campaigns designed to sow discord within Western countries by playing on polarizing themes while actively undermining public faith in democratic institutions by, among other things, manipulating the outcomes of electoral processes. According to the U.S. intelligence community, “…Iran carried out a multi-pronged covert influence campaign intended to undercut former President Trump’s re-election prospects…,” while “…a range of additional foreign actors—including Lebanese Hizballah, Cuba, and Venezuela—took some steps to influence the election.” In a more discreet but no less ambitious way, Iran and its Lebanese proxy are also suspected of conducting information operations in several West African countries: these initiatives targeting populations of Lebanese descent living in Senegal, Côte d’Ivoire, Mali, Guinea, Benin, and Mauritania pose a real threat and show the extent of the cyber-influence reach acquired by the Party of God.
IN THE decentralized and deregulated battlefield of today’s cyberspace, persuasion by stealth and mobilization of external partners have become essential dimensions of the modern cyber-diplomacy game. When information is plentiful, the scarce resources are attention and credibility. States pursuing influence strategy must imperatively shift away from wholly government-sponsored structures and cultivate alliances with third parties entrusted with carrying their ideological message abroad. The rationale is that these allies provide credibility, additional reach, pervasive presence in overseas countries, and a capacity to create exuberantly receptive audiences. In addition to the strategic relay that Hezbollah provides to the Islamic Republic of Iran in the Near East, their partnership has been based on the search for this type of mutual benefits. For forty years now, Tehran has provided the Party of God with financial support and technological expertise, while the latter has been bringing in its local legitimacy, its knowledge of the field and its valuable networks of influence to better spread the Islamic regime’s radical pan-Shia and anti-Western message.
Smuggled from Iran and perfected over four decades, Hezbollah’s information-enabled capabilities have come to represent a growing “Quiet Force” which increasingly weighs in the international balance of soft power. As cyber threat analyst Emilio Iasiello notes, “The culmination of [recent] events reveals how a nonstate group, backed by a nation state’s financial and material resources, can quickly develop a mature capability that leverages the full scope of operations in the larger information environment.” Emulating the Iranian propaganda model and absorbing the lessons provided by the IRGC’s Cyber-Army, adopting best practices from both adversaries and allies, learning from disinformation campaigns targeting the United States and Europe, HCA is increasingly establishing itself as an autonomous actor in cyberspace capable of taking the initiative and conducting significant influence operations both in the Middle East and in other regions of the world. Its ability to work in synergy with friendly states and to spawn other cyber-armies capable of mimicking its subversive methods of influence is not simply troubling but alarming.